The following Acronyms and Abbreviations are used in this document.

AIC Associated Identity Control
ARC Associated Rights Control
AS Associated Service
ASC Associated Security Control
ATC Associated Trust Control
CPU Central Processing Unit
DES Data Encryption Standard
EU End User
FFS For Further Study
GSM Global System for Mobility
GPRS General Packet Radio Service
IC Instantaneous Communications
IEEE Institute of Electrical and Electronic Engineers
IIC Independent Identity Control
IP Internet Protocol
IRC Independent Rights Control
IrDA Infrared Data Association
IS Independent Service
ISC Independent Security Control
ITC Independent Trust Control
LAN Local Area Network (see definitions)
MIPS Million Instructions Per Second
OSI Open Systems Interconnection
PAN Personal Area Network
PS Privacy Service
RFID Radio Frequency Identification
RSA Rivest, Shamir, Adleman
R Receive or Sink
RD Receive Deviation
RP Receive Policy
S Send or Source
SD Send Deviation (from Policy)
SP Send Policy
SSL Secure Sockets Layer
UNITRIPS Unified Trust, Rights, Identity, Privacy and Security
UDB User Database
UWB Ultra Wideband
WAN Wide Area Network
WEP Wired Equivalent Privacy
WS Web Services
WTRU Wireless Transmit/Receive Unit

In general, privacy is an end user state, such as a state of being secluded from the presence of, or view of others, a state of being free from unsanctioned intrusion, or a state of being concealed. There may be different states instantaneously for any or all of the attributes that define an end user state of privacy. These states and their importance may change based on application, context and time per an explicit or implicit policy. For example, to a shy teenager, the first object of their secret affection may carry the highest privacy concern; to the same person as an adult, however, it is nothing more than a cute snippet of low privacy merit.
A quantifiable privacy experienced by an end user is reflected in a delta between a policy state (i.e. “what is desired”) and an observed state (i.e. “what actually happens”).
In the newer communications landscapes that are emerging, the term converged network is often used to describe the steady evolution/revolution that is taking place in the world of communications. Wireless networks are becoming increasingly diverse. Current systems provide limited, single-function devices that are closely tied to single networks. Emerging systems will utilize flexible, powerful devices with transparent access across multiple heterogeneous networks.
FIG. 1 shows an exemplary logical model of a converged network having four principal technology layers: personal area network (PAN), local area network (LAN), wide area network (WAN) and Cyberworld. The model places an end user at the center of a progression of logical concentric spheres or layers. Each level is defined by a plurality of technologies and standards, and a plurality of network and device nodes enabled with these technologies. Communications occur via device and network nodes in one or more layers.
Such a converged network provides new opportunities to deliver new, or enhanced, services to end users. The inventors have recognized that such services may include: broadband on the go; info-fuelling (intelligent information transfer using the best available network); health and wellness via sensor networks; and integrated location services, so that the end user will experience a true sense of always being connected, always being “plugged in”.
The inventors have further recognized a number of challenges that lie in the path of the converged network vision. Examples of these challenges include: How do you provide access to multiple heterogeneous networks in a manner that is transparent to the user? How will users interact with their devices in order to support and simplify interaction with multiple networks? How do you provide manageability across multiple stakeholders? How do you provide battery life sufficient to support extended use of advanced transport technologies? In particular the inventors have recognized the need to define and address problems created by the converged network in the area of privacy and security. The following observations have been made by the inventors.
End User Implications of the Emerging Environment
An end user's experience in a converged network may be described as continuous. With the increasing ubiquity and diversity of available communication schema, an end user will typically be always connected to a converged network. Thus, it will be possible for user data flows to occur continuously with near minimal impedance. The end user relationship with the converged network will also become increasingly intimate with context-aware technologies (e.g. location, presence, behavior) supporting an increasingly human-like interaction between the end user and the communication environment.
Virtually any digital information or content (or plurality thereof) that may be created or consumed by an end user or on behalf of an end user can be communicated as user data via a node in a converged network. User data may be created or consumed voluntarily or involuntarily. Further, user data may be stored in, or propagated by, the nodes in the converged network.
Typical examples of user data are shown in FIG. 2 that include: medical content, financial information, location, presence, personal content, commercial content, environment information and behaviors. User data will be the fuel of the converged network. A continuously flowing exchange of user data will drive ever-increasing value added service offerings and relationships. In the emerging environment of a converging network, the line between the end user and the user data will become increasingly difficult to determine as end users become ever more intimately associated with a catalog of behaviors and actions in the digital world. In the converged network it might be said that the end user is the user data.
The inventors have recognized that the need to maintain a continuous connection with the converged network has significant implications on end user privacy and security. In current non-converged networks, where the average end user is connected for only a small period of time and PAN/LAN interactions are limited, the problems of spam, pop-ups, virus attacks, incessant advertising and a general feeling of digital vulnerability are all too familiar. In the converged network the end user will be connected continuously, and on-going interactions at the PAN, LAN and WAN levels will be commonplace. This, coupled with the inexorable shift to all-digital media (for user data), will leave end users exposed to a massive escalation of privacy and security problems.
The inventors have recognized privacy and security problems that can be characterized in three metaphors: “information overload”, “Big Brother”, and the “Kafka Nightmare”. In the first case, the end user is overwhelmed with data and content. In the second case, the end user becomes disenchanted with the loss of personal privacy control. The third case refers to a privacy metaphor established by Franz Kafka in his seminal novel, “The Trial”, in which an end user is persecuted for a crime that he has no knowledge of. The analogy in the information age relates to the misuse (deliberate or accidental) of user data resulting in some negative action that the End User only becomes aware of after the fact.
Under “Big Brother”, the challenge is to control how User Data is used in the cyberworld. Under the “Kafka nightmare”, however, the challenge is providing the end user with controls when their user data is misused (or abused) in the cyberworld.
The success of the Converged Network may well depend on how well these problems are addressed. The inventors have recognized that current privacy and security technologies are limited in their ability to provide the necessary safeguards and controls for the protection of the User Data in all the diversity of communication schema in a Converged Network. A User Data problem is thus presented as follows.
The User Data problem
FIG. 3 shows a general view of the privacy and security technology gap that is emerging with the development of the converged network. As discussed above, the inventors have recognized that the converged network will deliver an enhanced service experience to the end user at the expense of an increased exposure to threats relating to privacy and security. The converged network will be defined by more human-like characteristics such as context sensitivity. Such an environment will demand a like paradigm shift in the nature of the service provided by its privacy and security technologies. Current technologies will persist, however they will need to be complemented with new techniques, as well as amendments to old methods, in order to guarantee a full acceptance of the converged network by end users. In essence, this defines a user data problem of how to provide relevant methods/controls to protect/safeguard all the diversity of a communication schema in the converged network. The inventors have identified three challenges to meet when addressing this problem: cost, context and control.
Cost
Privacy and security are expensive. In the non-converged network, current methods already place a heavy burden on the processing capabilities of the system elements. For example, the total processing requirements for software implementations of SSL executing on an iPAQ handset (i.e. 2325 MIPS StrongARM processor) were shown to be around 651.3 MIPS, at a link speed of 10 Mbps. A Palm III-X handset requires 3.4 minutes to perform 512-bit RSA generation, 7 seconds to perform digital signature generation, and can perform (single) DES encryption at only 13 kbps, even if the CPU is completely dedicated to security processing.
The nodes in the converged network will be diverse (e.g. a PDA, a consumer electronic, a passport) and enabled with significantly higher throughput capabilities than are common today. Given the characteristics of the emerging environment already described it may be anticipated that the requirements on privacy and security technologies will increase (e.g. more powerful encryption, stronger authentication, and better data mining). Privacy and security technologies will need to offer more flexible solutions to address all the diversity requirements of the converged network while still satisfying increasingly stringent requirements.
Context
Current privacy and security technologies provide discrete protections/safeguards for user data in the non-converged network. They are discrete insofar as they are either on or off. A link is encrypted (e.g. IPsec) or it is not. A node passes authentication (e.g. WEP) or fails; there is trust (e.g. WS-Trust) or rejection. In current technologies there is little or no modulation of said technology with the context of the communications schema. For example, the trust levels applied to an end user, a node, or an element of user data do not vary based upon the instantaneous variables of the schema. In the converged network communications will be continuous and context sensitive. The applications driving privacy and security technologies will need to be smarter to provide relevant solutions in this environment.
Control
Current technology provides little or no controls (to the end user) regarding the secondary usage of user data after an application in an original context (e.g. a credit card purchase). The end user must defer in large part to “faith” that their digital media will be handled with honesty and integrity. In the non-converged network, where currently the transition to an “all digital media” is in its early stages, problems associated with behaviors like identity theft are increasing. In the all-digital media emerging environment of the converged network, these problems will become increasingly pervasive given the increasing importance of user data as the essential fuel of the system. The privacy and security technologies of the converged network will need to provide adequate controls to the end user to guarantee their acceptance of the emerging environment.
To address these concerns the inventors have recognized that quantitative definitions of privacy and security are required to be of value in terms of a service description. Such formal definition can be derived from the “three metaphors” described above, and the converged network characteristic that an end user is defined by the end user's data. With these perspectives considered, the inventors have recognized a need for privacy to be reduced to a quantitative definition built around user data and the relationships between the end user and a converged network.